WordPress 禁用 REST API
方式一:完全禁止未登录用户访问 API
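/*
 * Refuse REST API access to visitors who are not logged in.
 *
 * NOTE(review): 'rest_api_init' fires when the REST server is first set up,
 * which can also happen on an ordinary page load if a theme or plugin makes an
 * internal REST call. In that case this callback ends the whole page for
 * anonymous visitors. WordPress's documented hook for requiring authentication
 * is the 'rest_authentication_errors' filter, returning a WP_Error with
 * status 401; prefer it for new code.
 */
add_action( 'rest_api_init', 'rest_only_for_authorized_users', 99 );

/**
 * Abort the request when the current visitor is not logged in.
 *
 * @param WP_REST_Server $wp_rest_server Server instance passed by the hook (unused).
 * @return void
 */
function rest_only_for_authorized_users( $wp_rest_server ) {
    if ( ! is_user_logged_in() ) {
        // Send 401 instead of wp_die()'s default 500, so clients and log
        // monitoring can tell "authentication required" from a server fault.
        wp_die( '非法操作!', '', array( 'response' => 401 ) );
    }
}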
方式二:过滤部分端点不能访问
通过访问http://www.test.com/wp-json/,查看需要过滤的端点
// Remove the user collection and single-user routes from the REST route map.
// The filter receives every registered route keyed by its pattern and must
// return the (possibly reduced) map.
// NOTE(review): this applies to every caller, logged in or not, and only
// covers the REST API; usernames may still be visible through other parts of
// the site, such as author archive URLs. Verify those separately.
add_filter( 'rest_endpoints', function ( $endpoints ) {
    $user_routes = array(
        '/wp/v2/users',
        '/wp/v2/users/(?P<id>[\d]+)',
    );

    foreach ( $user_routes as $route ) {
        if ( isset( $endpoints[ $route ] ) ) {
            unset( $endpoints[ $route ] );
        }
    }

    return $endpoints;
} );
或(以下片段放在上面 rest_endpoints 回调函数内、return 之前,用来代替逐个 unset):
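// Fragment: belongs inside a 'rest_endpoints' filter callback, before
// `return $endpoints;`. It drops every route whose pattern starts with
// /wp/v2, /oembed/1.0 or /ft/v1 (presumably a site-specific namespace).
// NOTE(review): removing /wp/v2 for all callers also removes it for logged-in
// editors; the block editor relies on those routes, so check the admin UI
// after applying this.
foreach ( array_keys( $endpoints ) as $key ) {
    // The dot in "1.0" is escaped so it matches a literal "." only; the
    // original pattern accepted any character in that position.
    if ( preg_match( "/^(\/wp\/v2|\/oembed\/1\.0|\/ft\/v1)/", $key ) ) {
        unset( $endpoints[ $key ] );
    }
}

// Hide the API index route as well, so /wp-json/ no longer lists the
// namespaces and routes that remain.
if ( isset( $endpoints['/'] ) ) {
    unset( $endpoints['/'] );
}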
方式三:从API中删除所有端点
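// Stop WordPress core from registering its built-in REST routes.
//
// Hook and callback names are matched exactly, so they must not carry leading
// or trailing spaces; with the spaces the callback was never attached and
// nothing was removed. Core attaches create_initial_rest_routes to
// 'rest_api_init' at priority 99, and removal only works when the same
// priority is given.
//
// NOTE(review): this removes core's own routes only. Routes that plugins
// register in their own 'rest_api_init' callbacks are not affected; confirm
// the result by checking the /wp-json/ index afterwards.
add_action( 'plugins_loaded', function () {
    remove_action( 'rest_api_init', 'create_initial_rest_routes', 99 );
} );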
组合使用:部分 API 仅登录用户可以访问
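// Hide the /wp/v2, /oembed/1.0 and /ft/v1 routes from visitors who are not
// logged in, and hide the API index from everyone.
//
// The original condition was `defined(AUTH_KEY)`. That passes the *value* of
// the AUTH_KEY salt to defined(), which then looks for a constant with that
// name and returns false, so no route was ever removed. The login state is
// what the restriction is meant to depend on.
// NOTE(review): is_user_logged_in() reflects whatever authentication has run
// by the time this filter fires; confirm with an anonymous request and an
// authenticated one that both get the expected route list.
add_filter( 'rest_endpoints', function ( $endpoints ) {
    if ( ! is_user_logged_in() ) {
        foreach ( array_keys( $endpoints ) as $key ) {
            // Escaped dot: match the literal "1.0" namespace only.
            if ( preg_match( "/^(\/wp\/v2|\/oembed\/1\.0|\/ft\/v1)/", $key ) ) {
                unset( $endpoints[ $key ] );
            }
        }
    }

    // The index route at /wp-json/ lists every namespace and route, so it is
    // removed regardless of login state, as in the original snippet.
    if ( isset( $endpoints['/'] ) ) {
        unset( $endpoints['/'] );
    }

    return $endpoints;
} );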